<?php
require_once("../data/common.php");
if ($user->logged_in == FALSE) {
	die("Login first.");
}

$device_id = 0;
if (!empty($_GET)) {
	if (!empty($_GET['edit_device'])) {
		$device_id = filter_var($_GET['edit_device'],FILTER_SANITIZE_STRING);
	}
}

$sql = "SELECT * FROM users WHERE id = ?;";
$stmt = $dbh->prepare($sql);
$stmt->execute(array($user->logged_in_user_id));
$rows = $stmt->fetchAll();
while( list($id, $row) = each ($rows) ) {
	while( list($key, $data) = each ($row) ) {
		$variables['USER_'.strtoupper($key)] = $data;
	}
}

if (!empty($_POST)) {
	$variables['ERROR'] = "";
	$variables['RESPONSE'] = "";
        if($_POST['submit'] == 'Update')
	{
		if (empty($_POST['email']))
			$variables['ERROR'] .= "You need to enter a email address<br />";
		else    $email = sanitize($_POST['email']);

		if (!empty($_POST['password']))
		{
			if($_POST['password_confirm'] != $_POST['password'])
				$variables['ERROR'] .= "You need to enter a password twice to be sure<br />";
			else
				$password = sanitize($_POST['password']);
		}

		if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $_POST['email']))
			$variables['ERROR'] .= "Not a valid email address<br />";
		
		if (empty($variables['ERROR'])) {
			if ($email != $variables['USER_EMAIL'])
			{
				if ( $user->update_user_email($email) ) {
					$variables['RESPONSE'] .= "Email address updated<br />";
					$variables['USER_EMAIL'] = $email;
				} else {
					$variables['ERROR'] .= "Oops! Something broke down. Unable to update email address<br />";
				}
			}
			if(isset($password))
			{
				if ( $user->update_user_password($password) ) {
					$variables['RESPONSE'] .= "Password changed.<br />";
				} else {
					$variables['ERROR'] .= "Oops! Something broke down. Unable to update password<br />";
				}
			}
		}
	}
	else if($_POST['submit'] == 'Add') // Add new device
	{
		$dev_desc = sanitize($_POST['device_description']);
		$dev_userkey = sanitize($_POST['device_userkey']);
		$stmt = $dbh->prepare("INSERT INTO users_devices(user_id, userkey, device_description) VALUES(?, ?, ?)");
		$stmt->execute(array($user->logged_in_user_id, $dev_userkey, $dev_desc));
	}
	else if($_POST['submit'] == 'Modify')
	{
		$dev_desc = sanitize($_POST['device_description']);
		$dev_userkey = sanitize($_POST['device_userkey']);
		$stmt = $dbh->prepare("UPDATE users_devices SET device_description = ?, userkey = ? WHERE user_id = ? AND id = ?");
		$stmt->execute(array($dev_desc, $dev_userkey, $user->logged_in_user_id, $device_id));
	}
}

$sql = "SELECT * FROM users WHERE id = ?;";
$stmt = $dbh->prepare($sql);
$stmt->execute(array($user->logged_in_user_id));
$rows = $stmt->fetchAll();
while( list($id, $row) = each ($rows) ) {
	while( list($key, $data) = each ($row) ) {
		$variables['USER_'.strtoupper($key)] = $data;
	}
}

$stmt = null;

$sql = "SELECT * FROM users_devices WHERE user_id = ?;";
$stmt = $dbh->prepare($sql);
$stmt->execute(array($user->logged_in_user_id));
$rows = $stmt->fetchAll();

while( list($key, $data) = each ($rows) ) {
	$variables['DEVICES'] .= sprintf('<div class="device"><strong>%s</strong><br />USERKEY: %s<br /><a href="?page=profile&edit_device=%d">Edit device</a></div>', empty($data['device_description']) ? "Device has no name" :$data['device_description'] , $data['userkey'], $data['id'])."\n";
	if ( $data['id'] == $device_id ) {
		$variables['DEVICE_ID'] = $device_id;
		$variables['DEVICE_DESCRIPTION'] = $data['device_description'];
		$variables['DEVICE_USERKEY'] = $data['userkey'];
	}
}
if ($device_id != 0)
	$variables['DEVICE_ACTION'] = "Modify";
else	$variables['DEVICE_ACTION'] = "Add";
$template = new STE();
$template->load("profile");
$template->assign($variables);
print $template->display();


?>